Follow the two steps below to configure DKIM for the Forcepoint cloud:
- Publish two CNAME records for your custom domain in DNS.
- Enable DKIM signing for your custom domain in Office 365.
Publish two CNAME records for your custom domain in DNS
For each domain for which you want to add a DKIM signature in DNS, you need to publish two CNAME records. A CNAME record is used by DNS to specify that the canonical name of a domain is an alias for another domain name.
CNAME record name: fpkeyNNN-1._domainkey.
Record value: fpkeyNNN-1._domainkey.out.mailcontrol.com
CNAME record name: fpkeyNNN-2._domainkey.
Record value: fpkeyNNN-2._domainkey.out.mailcontrol.com
Before enabling a signing rule, you must publish DNS CNAME records for your signing domain. CNAME records enable the DNS lookup to Forcepoint in order to provide the public key to recipient mail servers.
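A pre-flight check for the two records, as an added example that is not Forcepoint's own tooling: it confirms each selector is published as a CNAME to the matching out.mailcontrol.com name before you rely on the portal's check. It assumes the record names sit under the signing domain, as DKIM selectors do; `example.com`, key id `123`, and the function names are hypothetical.

```python
import subprocess

# Target suffix taken from the record values in the article.
TARGET_SUFFIX = "_domainkey.out.mailcontrol.com"


def expected_cnames(signing_domain, key_id):
    """Map each of the two record names to the target it should alias."""
    records = {}
    for n in (1, 2):
        selector = f"fpkey{key_id}-{n}"
        name = f"{selector}._domainkey.{signing_domain}".lower()
        records[name] = f"{selector}.{TARGET_SUFFIX}".lower()
    return records


def dig_cname(name):
    """Live lookup with dig; returns the CNAME target, or None if absent."""
    out = subprocess.run(["dig", "+short", "CNAME", name],
                         capture_output=True, text=True, timeout=10).stdout
    answers = out.split()
    return answers[0] if answers else None


def check_dkim_cnames(signing_domain, key_id, lookup=dig_cname):
    """Return {record name: "ok" | "missing" | "wrong target: <answer>"}."""
    results = {}
    for name, target in expected_cnames(signing_domain, key_id).items():
        answer = lookup(name)
        if answer is None:
            results[name] = "missing"
        elif answer.rstrip(".").lower() == target:  # ignore root dot and case
            results[name] = "ok"
        else:
            results[name] = f"wrong target: {answer}"
    return results


# Constructed sample answers (not real DNS data); example.com and key id 123
# are placeholders. The second target contains a deliberate typo.
SAMPLE_ANSWERS = {
    "fpkey123-1._domainkey.example.com": "fpkey123-1._domainkey.out.mailcontrol.com.",
    "fpkey123-2._domainkey.example.com": "fpkey123-2._domainkey.out.mailcontrl.com.",
}

if __name__ == "__main__":
    report = check_dkim_cnames("example.com", "123", SAMPLE_ANSWERS.get)
    for name, status in report.items():
        print(f"{name}: {status}")
```

Calling `check_dkim_cnames` without the `lookup` argument queries live DNS through `dig`, so run it against your own signing domain and key id once the records have propagated.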
Note: The steps which are struck off are optional and can be ignored (unless there is a requirement to customize the signing process).
Adding a DKIM signing rule:
- Navigate to Email > Policies > [policy name] > Anti-spoofing tab.
- Under DKIM Signing, click Add.
- On the Add DKIM Signing Rule page, enter a rule name.
- In the Sender domains/subdomains field, add one or more sender domains/subdomains that will be signed by this rule, separated by a line break.
- In the Signing domain field, enter the domain that will be used as the signing domain for this rule.
- Click Submit.
Once you have added a signing rule, the service checks the CNAME records for your signing domain. If the CNAME record check fails, an error message is shown. A rule cannot be enabled until the CNAME record check has passed.
Enabling a DKIM signing rule
DKIM signing rules are initially set to OFF. In order to enable a DKIM signing rule, the signing domain must have passed a CNAME record check.
Enable a DKIM signing rule on the Email > Policies > [policy name] > Anti-spoofing tab, under DKIM Signing.
To enable a rule:
- If the CNAME record check has passed, toggle the State switch to ON, then click Save.
- If the CNAME record check has failed, ensure that the CNAME record has been published for the signing domain.
Once you have published the CNAME record, click Recheck to perform the check again. To disable a rule, toggle the State switch to OFF, then click Save.
Please refer to the below URL for further details